25 May 2016 at 23:41
Seattle Suehawks: Smart meter hush-up launched because, er … terrorism
Security through obscurity, amirite?
Smart meter makers are battling to keep Seattle’s power grid designs under wraps – claiming that if the details are made public, they could be exploited by hackers to plunge the US city into darkness.
Sysadmin-activist Phil Mocek requested documents from the city on its smart meter system under the Freedom of Information Act, only to be menaced by a lawsuit claiming the release of files describing the network would pose a major security risk.
Attorneys representing contractors Landis & Gyr Technology and Sensus Inc have filed a restraining order [PDF] seeking to prevent Mocek from getting hold of blueprints for a network of smart meters they proposed to the Seattle City Light power utility.
At the heart of the matter are the unredacted proposals submitted by the smart meter suppliers, which Mocek tried to obtain from city officials using freedom-of-information laws. Mocek had asked for the documents as part of an investigation into Seattle’s use of smart meters to monitor energy use within private residences. He isn’t happy that the technology is “shrouded in secrecy,” and is upset at the “complete lack of public justification of the expense” of installing the meters.
Among the eight companies that submitted bids to provide the smart meters and monitoring systems for the city grid was Sensus Inc, who, along with Landis & Gyr, was ultimately awarded the contract [PDF] for the meter network.
Mocek obtained redacted copies of the proposed designs – but he insisted on receiving documents that had only been censored for legal reasons rather than redacted on the whims of the smart meter makers. The city’s officials claim they are not qualified to censor the files, and thus have to rely on the vendors to remove various bits of the dossiers.
While Mocek and city staff tussled over the redactions, in a preemptive strike this week the contractors filed for an injunction in King County Superior Court, Washington, against the city and Mocek to ensure the unredacted versions of their proposals are withheld from the public, alleging that the release would put the city at risk of serious cyber-attack.
What’s more, Sensus claims Mocek was given unredacted versions of some of its documents and duly put the files online, so the supplier is demanding damages, wants the data taken down, and is asking for a list of everyone who downloaded the dossier.
“The information Sensus has redacted contains specific details that, if publicly released, would increase the risk of both cyber-intrusions and physical attacks on the utility grid,” Sensus says in its filing.
Sensus goes on to argue that if details of its bid with the city of Seattle were released in full, hackers could use the data to craft targeted attacks on its smart meters and plot attacks against the physical locations housing the network monitoring hardware.
The vendor claims that revealing such details to the public could “lead to hacking, reverse engineering, or destruction of the device itself.” Sensus did not respond to a request for comment on the matter.
There is some precedent for Sensus’ argument that its systems could be targeted by hackers. Researchers recently found that an advanced persistent threat malware infection was responsible for a power outage that struck Ukraine late last year.
Whether a US court will buy that argument and prevent the contractors’ bid for public funds from being released to the public, however, remains to be seen. ®